<?php

class App_Models_Comment
{

    private function _fixtags($text)
    {
        $text = htmlspecialchars($text);
        $text = preg_replace("/=/", "=\"\"", $text);
        $text = preg_replace("/&quot;/", "&quot;\"", $text);
        $tags = "/&lt;(\/|)(\w*)(\ |)(\w*)([\\\=]*)(?|(\")\"&quot;\"|)(?|(.*)?&quot;(\")|)([\ ]?)(\/|)&gt;/i";
        $replacement = "<$1$2$3$4$5$6$7$8$9$10>";
        $text = preg_replace($tags, $replacement, $text);
        $text = preg_replace("/=\"\"/", "=", $text);
        return $text;
    }

    public function get_comments($table,$key,$id)
    {
        $db = Core_Db::instance();
        
        $result = $db->query("SELECT * FROM `". $table."` WHERE `".$key."` = " .  mysql_real_escape_string($id) . " ORDER BY `date`;");

        if ($result) {

           
            return $result;
        } else {
            return false;
        }
    }

    public function add_comment($table,$key,$article_id,$author,$email,$text)
    {
        $db = Core_Db::instance();

        $author = htmlspecialchars($author);
        $email = htmlspecialchars($email);
        $text = htmlspecialchars($text);


        $result = $db->query(" INSERT INTO `".$table."` (`".$key."`, `date`, `text`, `author`, `email`)
                        VALUES (
                        '".  mysql_escape_string($article_id) ."',
                        '". date("Y-m-d H:i:s") ."',
                        '". mysql_escape_string($text)."',
                        '". mysql_escape_string($author). "',
                        '".  mysql_escape_string($email). "');");
        if ($result) {
            return $result;
        } else {
            return false;
        }
    }

    
}

?>
